SeattleRecruiter Since 2001
the smart solution for Seattle jobs

Security and Privacy Professional

Company: DevSelect
Location: Seattle
Posted on: November 25, 2022

Job Description:

Title: Security and Privacy Professional
Reports to: CIO
Salary: DoE

POSITION SUMMARY

This position resides within the Digital Services group of CLIENT. The Security and Privacy Professional, in close partnership with the CIO and CISO, oversees and coordinates day-to-day activity related to information security and privacy oriented initiatives, policies, standards and procedures throughout the organization. The Security and Privacy Professional is responsible for planning, influencing, and coordinating the company's information security policies, setting procedures and guidelines to ensure that all information systems are functional, secure and safeguarded throughout the company and are in compliance with privacy and information security laws and regulations applicable to retail institutions. Additionally, the Security and Privacy Professional is responsible for providing leadership during security events, as well as ensuring the technical and administrative support for the development of Disaster Recovery and Business Continuity programs for the company. The incumbent interfaces with the Information and Digital Services Core IT Operations team on matters of security and privacy operational controls. In addition, the incumbent acts as an internal consultant to the organization on issues involving security and privacy.

RESPONSIBILITIES

  • Work to determine acceptable risk levels for the enterprise and ensure that the IT environments are adequately protected from potential risks and threats
  • Participate in development and implementation of the appropriate and effective controls to mitigate identified threats and risks
  • Assist in tactical follow-up on detected security issues and drive the design and implementation of solutions to reduce security risks
  • Drive the research, development, and communication around Security and Privacy matters, by maintaining and working with the operational units on the enforcement of IT security architecture, policies, procedures, solutions and standards
  • Participate in and provide specific IT security oriented leadership during incident response planning as well as the investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary
  • Keep abreast and advise the company with regard to the latest industry security and privacy best-practices and technologies
  • Coordinate with Business Owners to analyze, document and define requirements associated with new development or maintenance and enhancements to existing security roles and permissions.
  • Deliver services that meet regulatory specifications. Work with internal and external auditors to document and confirm that all security administrative duties are properly performed as well as demonstrate overall compliance.

Qualifications

  • A minimum of 5 years operational and strategic experience in IT controls and information security, IT compliance, networking security or IT audit is required.
  • Artifact management experience including the development and maintenance of Policies, Standards, and other supporting documentation. Ability to document and maintain the details of IT remediation projects, committee meetings, and the findings of security testing and assessment projects.
  • Operational experience with IT compliance requirements and processes, especially PCI DSS and adjacent PCI industry controls, mitigations, and incident responses.
  • Operational experience in the inventory and classification of IT assets, and the update and maintenance thereof
  • Access control and identity management experience, including the principles and management of access to network infrastructure, server platforms, Active Directory domains, and databases. Ability to provide subject matter expertise in the areas of configuration management and maintenance of access control and assessment of access for these systems. Knowledge of RADIUS, LDAP, and Cloud SSO solutions is a plus
  • Skilled in the principles and management of key management and encryption systems, for information in transit and at rest. Extensive knowledge of both symmetric and asymmetric cryptographic systems
  • Demonstrate extensive experience with vulnerability management

Education

  • 4-year college degree or demonstrated equivalent experience with appropriate time-in-role, with subject matter majors in Computer Science, Information Management, Information Security or equivalent disciplines
  • A SANS, CISSP or other equivalent industry-recognized Security certification is required.
  • Additional certifications in IT audit or IT controls design and management are preferred
  • CObIT and/or ITIL certifications, education, or equivalent experience with control and operational frameworks a strong plus

Technical Skills

  • Information security assessment and auditing procedures, from both technical and business perspectives, and the use of formal methodologies such as NSA IAM
  • Vulnerability scanning and auditing tools
  • Enterprise-scale network and host-based IDS architectures
  • Enterprise-scale firewall architectures
  • E-commerce application security
  • Computer investigation and forensics methods and technologies
  • Secure messaging architectures
  • Strong knowledge of regulatory bodies, and the regulations and guidance issued by these bodies
  • Strong knowledge of control and privacy laws and standards, such as GLBA, 581386, SOX and PCI
  • Must possess strong project management and leadership aptitude; demonstrated professionalism in managing multiple projects and resources effectively.

General Knowledge and Abilities

  • Experience with PKI certificate management and root certificate repositories
  • Working experience with penetration testing
  • Experience working in a SaaS oriented Cloud environment
  • Project Management experience
  • Strong communication and facilitation skills

Physical Requirements

  • Office based professional, no physical requirements

Keywords: DevSelect, Seattle, Security and Privacy Professional, Other, Seattle, Washington
